[Gllug] Memory scanning
Daniel P. Berrange
dan at berrange.com
Mon Sep 6 12:28:43 UTC 2010
On Mon, Sep 06, 2010 at 01:22:04PM +0100, James Courtier-Dutton wrote:
> On 6 September 2010 13:13, Richard Jones <rich at annexia.org> wrote:
> > On Mon, Sep 06, 2010 at 01:10:24PM +0100, James Courtier-Dutton wrote:
> >> Fortunately, the guest OS to host OS attack surface is small,
> >
> > Ha ha ha, yes, you keep on believing :-)
> >
>
> Ha ha ha, yes, the guest OS to host OS attack surface is approx equal
> to x86_amd64 CPU instruction set!!!
> So, my use of the "small" word was maybe a little off the mark. ;-)
It is not just the instruction set you need to be worried about. If
you look at the security updates, there's a good mix of flaws from
the instruction handling, with flaws in the QEMU device emulation
layer. It is "fun"[1] trying to make QEMU have the lowest possible
privileges, while still giving it access to privileged resources
like disks, TAP devices, host PCI & USB devices and who knows what
else the user wants their guest to access.
Daniel
[1] For a definition of "fun" which includes waterboarding
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list